Function Call with Incorrectly Specified Arguments in Linux kernel - CVE-2026-43200
Published: May 7, 2026
Vulnerability identifier: #VU130529
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43200
CWE-ID: CWE-628
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper handling of callback parameters in pci_primary_epc_epf_unlink() and pci_secondary_epc_epf_unlink() when processing configfs unlink operations. A local user can issue an unlink command in configfs to cause a denial of service.
Remediation
Install security update from vendor's repository.
External links
- https://git.kernel.org/stable/c/142b1bba3299264b76ed8ef53cd93b2b2af65d6c
- https://git.kernel.org/stable/c/1c96c1acef4b4a1108fc13f84a8ac0b0633bbb46
- https://git.kernel.org/stable/c/339191811e6fc4559c4008c5af7a91b05086d596
- https://git.kernel.org/stable/c/58686bf62cb38b92e4b28408162a5703775b4d12
- https://git.kernel.org/stable/c/733cbc3aa97e71cc70847e75c925b364cc9b04a6
- https://git.kernel.org/stable/c/8754dd7639ab0fd68c3ab9d91c7bdecc3e5740a8
- https://git.kernel.org/stable/c/aefc0e0bd20f54abe3b501b8798c0be656af272b